You are on page 1of 14

Attack and

Defense in
Wireless Networks

Presented by Aleksandr Doronin

Outline  Wireless Networks and Security  Attacking and defending WEP  Attacking and defending WPA/WPA2  Common defense techniques  Summary .

Wireless Networks and Security 1) What are Wireless Networks? • A wireless network is the way that a computer is connected to a router without a physical link. but someone might trip over them. Also there's a possibility to read wirelessly transferred data (by using sniffers) . 3) Why security? • Attacker may hack a victim’s personal computer and steal private data or may perform some illegal activities or crimes using the victim’s machine and ID. 2) Why do we need? • Facilitates mobility – You can use lengthy wires instead.

Wireless Networks and Security Three security approaches: 1. . WPA (Wi-Fi Protected Access) 3. Version 2) WPA also has two generations named Enterprise and Personal. WPA2 (Wi-Fi Protected Access. WEP (Wired Equivalent Privacy) 2.

It should be 10 hex or 5 ASCII characters in length for 40/64-bit encryption and 26 hex or 13 ASCII characters in length for 104/128-bit encryption.WEP (Wired Equivalent Privacy)  Encryption:  40 / 64 bits  104 / 128 bits 24 bits are used for IV (Initialization vector)  Passphrase:  Key 1-4  Each WEP key can consist of the letters "A" through "F" and the numbers "0" through "9". .

The default is 3600 seconds . which instructs the device how often it should change encryption keys.WPA/WPA2 Personal  Encryption:  TKIP  AES  Pre-Shared Key:  A key of 8-63 characters  Key Renewal:  You can choose a Key Renewal period.

Attacking WEP • iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP (Address Resolution Protocol) requests to the target router • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon) • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP) • aireplay – a tool for forging ARP requests • aircrack – a tool for decrypting WEP keys .

There are devices that support "dynamic WEP" which is off the standard but allows different WEP keys to be assigned to each user. How to defend when using WEP  Use longer WEP encryption keys. To do this. and use a VLAN to the access points to the IPSec server.  Implement a different technique for encrypting traffic. . which makes the data analysis task more difficult.  Change your WEP keys frequently. such as IPSec over wireless. you will probably need to install IPsec software on each wireless client. including WEP. If your WLAN equipment supports 128-bit WEP keys. that may include sensitive information.  Use a VPN for any protocol. install an IPSec server in your wired network.

Attacking WPA • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon) • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP) • aireplay – a tool for forging ARP requests ― Capture WPA/WPA2 handshakes by forcing clients to reauthenticate ― Generate new Initialization Vectors • aircrack – a tool for decrypting WEP keys (should be used with dictionary) .

and if this password is extremely complicated it will be almost impossible to crack  Passphrase Complexity – select a random passphrase that is not made up of dictionary words. Select a complex passphrase of a minimum of 20 characters in length and change it at regular intervals .How to defend when using WPA  Passphrases – the only way to crack WPA is to sniff the password PMK associated with the handshake authentication process.

 Restrict access to your wireless network by filtering access based on the MAC (Media Access Code) addresses  Use Encryption .Common defense techniques  Change router default user name and password  Change the internal IP subnet if possible  Change default name and hide broadcasting of the SSID (Service Set Identifier)  None of the attack methods are faster or effective when a larger passphrase is used.

Summary  Change all possible default router settings  Use encryption (WPA/WPA2)  Use long and complex keys/passphrases .

Thank you! .

aircrack-ng.References  http://www.2l16l0 .org/  http://www.youtube.3.8.org/  http://www.backtrack-linux.3.com/results? search_query=cracking+WEP+and+WPA+with+backtrack &oq=cracking+WEP+and+WPA+with+backtrack&aq=f&aqi =&aql=1&gs_sm=e&gs_upl=1621l12434l0l12642l47l46l0l3 0l0l0l412l4248l0.